Moloch & Amazon VPC Traffic Mirroring
What Am I Presenting?
• Complete CloudFormation template for AWS installation of Moloch
• Preview of official AWS Quickstart
• Core Requirements:
  • Cloud native components that can all autoscale independently
  • Decouple Elasticsearch from capture & viewer
  • Centralize all packet storage on S3
  • Allow for multi-viewer support
  • Allow for installation into new & existing VPCs
Who Am I?
• Erik Freeland
• @ejfreeland
• 25+ years in computing, networking, & security.
• Working on Banyan Vines to AWS
• Currently Director of Customer Success for Nubeva
• Nubeva has solved OOB TLS Decryption in the “cloud”
Why Should I Care?
• https://medium.com/wardleymaps
Actual Demo Diagram
Availability
• Now
• www.nubeva.com
• New VPC - https://nubevalabs.s3.amazonaws.com/quickstart/templates/nubeva-master.template.yaml
• Existing VPC - https://nubevalabs.s3.amazonaws.com/quickstart/templates/nubeva.template.yaml
But Wait There’s More
Nubeva TLS Decryption
• Diagram labels: Clients, Application cluster, App, Encrypted Traffic, Unencrypted Traffic, Encrypted Key Plane
• Nubeva TLS Sensors: Discover Individual Session Final Secrets from Memory in Realtime
• Universal Software Decryptor (Container): Decrypt Anywhere, Anytime, To Any Tool or Files
• Using Any Packet Source: Copies of Packets, Realtime Streams and Historical PCAPs
Thanks